CN115174186B - Address book visibility processing method, device, equipment and medium - Google Patents

Address book visibility processing method, device, equipment and medium Download PDF

Info

Publication number
CN115174186B
CN115174186B CN202210760062.7A CN202210760062A CN115174186B CN 115174186 B CN115174186 B CN 115174186B CN 202210760062 A CN202210760062 A CN 202210760062A CN 115174186 B CN115174186 B CN 115174186B
Authority
CN
China
Prior art keywords
user
attribute
visibility
type
blacklist
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210760062.7A
Other languages
Chinese (zh)
Other versions
CN115174186A (en
Inventor
梁福坤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jingdong City Beijing Digital Technology Co Ltd
Original Assignee
Jingdong City Beijing Digital Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jingdong City Beijing Digital Technology Co Ltd filed Critical Jingdong City Beijing Digital Technology Co Ltd
Priority to CN202210760062.7A priority Critical patent/CN115174186B/en
Publication of CN115174186A publication Critical patent/CN115174186A/en
Application granted granted Critical
Publication of CN115174186B publication Critical patent/CN115174186B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present application relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a medium for processing visibility of an address book. According to the address book visibility processing method, device, equipment and medium, after an information query request is received, the permission rule corresponding to the user belonging set is obtained according to the user identifier, the black-and-white list set is determined according to the permission rule, and the visibility set of the user is determined according to the priority of the permission rule corresponding to each type set. And then, according to the visibility set of the user, information which the user wants to inquire is returned to the terminal equipment so as to be convenient for the user to check. According to the scheme, when the visibility set is calculated, the mode of combining and processing the blacklist and the whitelist is used, so that the flexibility of authority configuration is improved, and the application scene is wider.

Description

Address book visibility processing method, device, equipment and medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a medium for processing visibility of an address book.
Background
Along with the rapid development of technology, the existing form of the address book is changed from original paper to electronic form, and the information in the address book is more and more rich, including: name, phone number, home address, job title, department, etc. The address book is more used in an instant messaging (INSTANT MESSAGING, abbreviated as IM) system of an organization, and a user can check address book information of other users through the address book of the organization. The visibility of the organization address book refers to whether the user has authority to check other users when searching the address book of the organization and checking the address book of the organization, and which information in the address book can be checked according to the authority of the user when the user has authority to check other users.
In the prior art, when a user is authorized, the authorization is generally performed in three aspects, including: organization, role and label, the authorization mode used is visual mode authorization. Rights are set for each department in an organization, for example: the staff at home can see the staff at home; rights are set for each character, for example: all staff in the role can see the job of all people; rights are set for each tag, for example: all employees in the present tag see all people in role B. When a user searches an address book or views an address book of an organization, a server can acquire a corresponding white list set according to three rights of the user, so as to obtain a visibility set of the user, and the user right viewing information is returned to the terminal for viewing by the user according to the visibility set. However, in this way, the configuration cannot be performed for a certain user, and for certain information, and when the authorization scope is updated, the user needs to be re-authorized, and the configuration mode of the authority of the user is complex, so that the flexibility is low.
In summary, in the prior art, no visibility processing scheme has been known, which has high flexibility, can perform denial authority configuration on certain information, and can perform subtraction in a set.
Disclosure of Invention
The embodiment of the application provides a processing method, a device, equipment and a medium for address book visibility, which are used for solving the problems that in the prior art, no visibility processing scheme which has higher flexibility, can carry out refusal permission configuration on certain information and can carry out subtraction in a set is available.
In a first aspect, an embodiment of the present application provides a method for processing visibility of an address book, including:
receiving an information inquiry request sent by terminal equipment of a user, wherein the information inquiry request comprises an identifier of the user;
acquiring authority rules corresponding to at least one set to which the user belongs from a database according to the identification of the user, wherein the authority rules comprise all authorities set in a visible mode and/or authorities set in an invisible mode;
Determining at least one visible white list set and at least one invisible black list set of the user according to the authority rule, wherein each set to which the user belongs corresponds to one black list set and one white list set;
According to the priority of the authority rule corresponding to each type set in the at least one set, the at least one blacklist set and the at least one whitelist set, a visibility set corresponding to the user is calculated, and the visibility set comprises all visible main body information and/or attribute information of the user;
and returning the information queried by the user to the terminal equipment according to the visibility set.
In a specific embodiment, the obtaining, according to the identifier of the user, the permission rule corresponding to at least one set to which the user belongs from a database includes:
Acquiring at least one set to which the user belongs according to the identification of the user, wherein the type of the at least one set comprises at least one type of an organization set, a role set, a label set and other sets;
For each set to which the user belongs, inquiring and acquiring a main rule and an attribute rule corresponding to the set from rules stored in the database in advance;
The authority rule corresponding to each set to which the user belongs comprises a main rule and an attribute rule corresponding to the set, and the main rule comprises: the rights of the users of the set are visible and/or invisible to the users of the set, the rights of the users of other sets are visible and/or invisible to the users of the set, and the rights of the users of the set are visible and/or invisible to the other users; the attribute rules include rights for visible and/or invisible attributes of users of the collection.
In a specific embodiment, the determining at least one set of whitelists visible to the user and at least one set of blacklists not visible according to the permission rule includes:
Generating a white list set visible to the user and a black list set invisible to the user corresponding to the set according to the authority rule corresponding to the set aiming at each set to which the user belongs; the white list set corresponding to each set comprises a main white list set and an attribute white list set, and the black list set corresponding to each set comprises a main black list set and an attribute black list set.
In a specific embodiment, the calculating the visibility set corresponding to the user according to the priority of the authority rule corresponding to each type set in the at least one set, the at least one blacklist set, and the at least one whitelist set includes:
Respectively acquiring a blacklist set and a whitelist set corresponding to each type of set aiming at each type of set in the at least one set, wherein the blacklist set corresponding to each type of set comprises a main blacklist set and an attribute blacklist set of the type set, and the whitelist set corresponding to each type of set comprises a main whitelist set and a main whitelist set of the type set;
And according to the priority of the authority rule corresponding to each type set, sequentially carrying out logic calculation on the white list set and the black list set corresponding to each priority set according to the sequence from the lowest priority to the highest priority, so as to obtain a visibility set corresponding to the user, wherein the visibility set comprises a main visibility set and an attribute visibility set.
In a specific embodiment, the obtaining, for each type of set in the at least one set, a blacklist set and a whitelist set corresponding to each type of set respectively includes:
for each set in the organization set in the at least one set, traversing downwards the main body white list set of the node where the user is located and the main body white list set of the child node under the node where the user is located in the organization architecture where the user is located firstly, traversing the main body white list set of the parent node of the upper level of the node where the user is located and the main body white list sets of other nodes under the parent node of the upper level of the node, iterating upwards step by step in the mode of the step until reaching the root node of the organization architecture, and obtaining the main body white list set corresponding to each set of the organization set type;
Traversing the main blacklist set of the node where the user is located and the main blacklist set of the child node under the node where the user is located downwards, traversing the main blacklist set of the parent node at the upper level of the node where the user is located and the main blacklist sets of other nodes under the parent node at the upper level, iterating upwards step by step in the mode of the step until reaching the root node of the organization structure, and obtaining the main blacklist set corresponding to each set of the organization set type;
Obtaining a main body white list set corresponding to the set of the organization set type by taking a union set of all main body white list sets corresponding to the set of the organization set type;
Obtaining a main blacklist set corresponding to the set of the organization type by taking a union set of all main blacklist sets corresponding to the set of the organization type;
obtaining a union set of all attribute blacklist sets corresponding to the set of the organization set type to obtain an attribute blacklist set corresponding to the set of the organization set type;
Obtaining a union set of all attribute white list sets corresponding to the set of the organization type to obtain an attribute white list set of the organization type;
The organization architecture is a tree structure formed by multiple levels of architectures, the root node is the uppermost organization where the user is located, and each level of nodes from the root node to the bottom represents the subordinate organization of the upper level.
In a specific embodiment, the obtaining, for each type of set in the at least one set, a blacklist set and a whitelist set corresponding to each type of set respectively includes:
Aiming at any type of set in the character set, the label set and the other sets in the at least one set, taking the union set of all blacklist sets corresponding to the type of set to obtain the blacklist set corresponding to the type of set;
and taking the union set of all the white list sets corresponding to the type set to obtain the white list set of the type set.
In a specific embodiment, before the receiving the information query request sent by the terminal device of the user, the method further includes:
Acquiring access right rules configured by at least one management user for the user through other terminal equipment; the access permission rules comprise permission rules configured for at least one set to which the user belongs in a visible mode or an invisible mode;
And storing the access right rule into a database.
In a specific embodiment, the obtaining at least one access right rule configured by a management user for the user through other terminal devices includes:
and acquiring at least one access authority rule configured by the management user to the user through the other terminal equipment through the set message middleware.
In a specific embodiment, the access right rule includes at least one of the following right rules:
organizing authority rules corresponding to the collection;
Authority rules corresponding to the role sets;
the authority rule corresponding to the label set;
and the right rules corresponding to other sets.
In a specific embodiment, the returning, to the terminal device, the information queried by the user according to the visibility set includes:
and returning the visibility set to the terminal equipment.
In a specific embodiment, the information inquiry request further includes the identification of other users;
Correspondingly, the step of returning the information queried by the user to the terminal equipment according to the visibility set comprises the following steps:
Acquiring target information corresponding to the identification of the other users from the visibility set according to the identification of the other users;
and returning the target information to the terminal equipment.
In a second aspect, an embodiment of the present application provides a processing apparatus for address book visibility, including:
The receiving module is used for receiving an information inquiry request sent by terminal equipment of a user, wherein the information inquiry request comprises an identifier of the user;
the processing module is used for acquiring authority rules corresponding to at least one set to which the user belongs from a database according to the identification of the user, wherein the authority rules comprise all authorities set in a visible mode and/or authorities set in an invisible mode;
The processing module is further configured to determine at least one visible whitelist set and at least one invisible blacklist set of the user according to the permission rule, where each set to which the user belongs corresponds to one blacklist set and one whitelist set;
The processing module is further configured to calculate a visibility set corresponding to the user according to the priority of the authority rule corresponding to each type set in the at least one set, the at least one blacklist set, and the at least one whitelist set, where the visibility set includes all visible subject information and/or attribute information of the user;
And the sending module is used for returning the information queried by the user to the terminal equipment according to the visibility set.
In a third aspect, an embodiment of the present application provides an electronic device, including:
A processor, a memory, a communication interface;
The memory is used for storing executable instructions of the processor;
Wherein the processor is configured to perform the method of address book visibility processing of any one of the first aspects via execution of the executable instructions.
In a fourth aspect, an embodiment of the present application provides a readable storage medium, on which a computer program is stored, where the computer program when executed by a processor implements the method for processing address book visibility according to any one of the first aspects.
In a fifth aspect, an embodiment of the present application provides a computer program product, including a computer program, where the computer program is executed by a processor to implement a processing method for address book visibility according to any one of the first aspects.
According to the address book visibility processing method, device, equipment and medium, after an information query request is received, the permission rule corresponding to the user belonging set is obtained according to the user identifier, the black-and-white list set is determined according to the permission rule, and the visibility set of the user is determined according to the priority of the permission rule corresponding to each type set. And then, according to the visibility set of the user, information which the user wants to inquire is returned to the terminal equipment so as to be convenient for the user to check. According to the scheme, when the visibility set is calculated, the mode of combining and processing the blacklist and the whitelist is used, so that the flexibility of authority configuration is improved, and the application scene is wider.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions of the prior art, the drawings that are needed in the embodiments or the description of the prior art will be briefly described below, it will be obvious that the drawings in the following description are some embodiments of the present application, and that other drawings can be obtained according to these drawings without inventive effort to a person skilled in the art.
FIG. 1 is an interface diagram of prior art authorization of an organization provided by an embodiment of the present application;
FIG. 2a is a schematic diagram of a prior art authorization for color matching according to an embodiment of the present application;
FIG. 2b is a schematic diagram II of a prior art authorization for color matching according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a tag in the prior art according to an embodiment of the present application;
FIG. 4a is a schematic diagram of a set of computed visibility in the prior art according to an embodiment of the present application;
FIG. 4b is a second diagram illustrating a set of computed visibility in the prior art according to an embodiment of the present application;
Fig. 5a is a schematic flow chart of a first embodiment of a processing method for address book visibility provided by the present application;
fig. 5b is a schematic flow chart of a processing scheme of address book visibility according to an embodiment of the present application;
FIG. 6 is a flowchart illustrating a second embodiment of a processing method for address book visibility according to the present application;
Fig. 7 is a schematic flow chart of a third embodiment of a processing method for address book visibility provided by the present application;
Fig. 8a is a flowchart illustrating a fourth embodiment of a processing method for address book visibility provided by the present application;
FIG. 8b is a schematic diagram of an embodiment of the present application;
fig. 9 is a schematic flow chart of a fifth embodiment of a processing method for address book visibility provided by the present application;
Fig. 10a is a flowchart of a sixth embodiment of a processing method for address book visibility provided by the present application;
FIG. 10b is a schematic diagram of an interface for configuring access rights rules of an organization set according to an embodiment of the present application;
FIG. 11a is a flowchart illustrating an embodiment eight of a processing method for address book visibility provided by the present application;
FIG. 11b is a schematic diagram of an interface for querying user information according to an embodiment of the present application;
FIG. 12 is a schematic diagram of an embodiment of a processing apparatus for address book visibility according to the present application;
fig. 13 is a schematic structural diagram of an electronic device according to the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which are made by a person skilled in the art based on the embodiments of the application in light of the present disclosure, are intended to be within the scope of the application.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Along with rapid development of technology, the address book is used more and more widely in an organization, and more information in the address book is used, when the address book is used, a person in the organization can be checked through the address book, and certain information of the person can be checked, but because of different rights of users, the information which can be checked by the users is different.
In the prior art, users are typically authorized using a visual approach, with authorized objects organized in sets, role sets, and tag sets. For example, fig. 1 is an interface diagram for authorizing an organization in the prior art, as shown in fig. 1, when authorizing the organization, authorizing each set in the organization, that is, authorizing each department in the organization, and setting a main rule and a supplementary rule, where the main rule is that the staff of the department has authority to view all the persons in the organization, where the staff of the department has visibility of all the persons; the main rule is that staff of the department can see the man-hour of the staff of the department, and the staff of the department has authority to all people in the department; the main rule is that staff of the department can see man-hour of other departments, which means staff of the department has authority to all persons in other departments, and at the moment, the other departments can be input into the specific department through the supplementary rule.
Fig. 2a is a schematic diagram of a diagonal authorization in the prior art, as shown in fig. 2a, in which a user and a role are in many-to-many form, that is, one user may have multiple roles, and one role includes multiple users. When the role set is authorized, the role set is in a form of many-to-many, namely, one role set can authorize a plurality of authorities, and the same authority can also be authorized to a plurality of role sets. Fig. 2B is a schematic diagram of a second embodiment of the present application for color authorization in the prior art, where, as shown in fig. 2B, there are three users, namely, a user a, a user B and a user C, and the user has A, B, C, and the user has a visible attribute 1, a visible attribute 2 and a visible attribute 3, and according to the relationship between the user and the user a, the user a has a role a, the user B has a role B, and the user C has a role C; and according to the relationship between the roles and the authorities, the A visual attribute 1 and 2, the B visual attribute 3 and the C visual attribute 1 correspond to the first visual attribute 1 and 2, the second visual attribute 3 and the third visual attribute 1 of the user.
Fig. 3 is a schematic diagram of a label in the prior art, where the label in the prior art includes decision, settlement and notification, and the decision label includes 20 people, the settlement label includes 10 people, the notification label includes 5 people, and each label can be authorized in a visible manner as shown in fig. 3.
In the prior art, when the visibility set is calculated, the visibility set may be calculated according to the whitelist set of the user in three aspects of organization, role and label, for example, fig. 4a is a schematic diagram of calculating the visibility set in the prior art provided by the embodiment of the present application, as shown in fig. 4a, a is the whitelist set of the user in the organization, B is the whitelist set of the user in the role, and the user has no whitelist in the label, and then the visibility set of the user is the union set of a and B. Fig. 4B is a schematic diagram of a set of visibility calculation in the prior art, as shown in fig. 4B, where a is a set of whitelists of users in terms of organization, B is a set of whitelists of users in terms of roles, C is a set of whitelists of users in terms of labels, and then the set of visibility of the users is a union of A, B and C.
However, in the existing mode, the configuration cannot be performed for a certain user, the configuration cannot be performed for certain information, the user needs to be re-authorized when the authorization scope is updated, the configuration mode of the authority of the user is complex, and the flexibility is low.
Aiming at the problems in the prior art, the inventor finds that in the process of researching the processing method of the visibility of the address book, the permission can be set for the set where the user is located in a visible mode and/or an invisible mode, and when the user wants to use the address book to inquire information, the information inquiry request can be sent to the electronic equipment through the terminal equipment. The electronic equipment acquires authority rules corresponding to the user belonging sets from the database according to the user identification in the information query request, and then determines the visible white list set and the invisible black list set of the user according to the authority rules. And respectively calculating a white list set and a black list set for the organization set, the role set, the label set and other sets, and calculating a visibility set of the user by utilizing priorities of the four types of sets. If the user wants to inquire the information of other users, the information inquiry request also comprises the identification of the other users, after the electronic equipment acquires the visibility set of the user, the electronic equipment judges whether the other users are in the main visibility set of the user, and if so, the information of the other users corresponding to the attribute visibility set is returned to the terminal equipment; and if the other users are not in the main body visibility set of the user, sending an invisible prompt message to the terminal equipment to prompt the user that the other users are invisible. If the user wants to inquire the visibility range of the user, the electronic equipment returns the visibility set to the terminal equipment after acquiring the visibility set of the user. Based on the inventive concept, the processing scheme of the address book visibility is designed.
The application scenario of the processing method for address book visibility provided by the embodiment of the application is described below.
The application scenario includes a terminal device, other terminal devices, and an electronic device, where the electronic device is a server.
For example, before a user wants to query information of other users through an address book, a management user configures permission rules for a set to which the user belongs through other terminal equipment in a visible mode and an invisible mode, types of the set to which the user belongs are organized into a set, a role set, a label set and other sets, and the permission rules are divided into a main rule and an attribute rule. The administrative user sends the entitlement rules to the server via the message middleware, which stores them in a database.
When the user wants to inquire the information of other users through the address book, the information inquiry request can be sent to the server through the terminal equipment. After receiving the information inquiry request, the server acquires the authority rule of the set of the user from the database according to the identification of the user, and for the set of the organization, the role, the label and other types, respectively determines the corresponding main body white list set, the main body blacklist set, the attribute white list set and the attribute blacklist set according to the authority rule, and then determines the main body visibility set and the attribute visibility set of the user according to the priority of the authority rule corresponding to each type set. And the server determines whether other users are in the main body visibility set according to the main body visibility set, and if the main body visibility set is in the main body visibility set, the server returns attribute information of other users corresponding to the attribute visibility set to the terminal equipment. And if the other users are not in the main visibility set, returning an invisible prompt message to the terminal equipment, wherein the invisible prompt message is used for prompting the users to invisible the other users.
It is noted that the terminal device comprises, but is not limited to, means for communicating via a data connection/network and/or via a wireless interface, and/or another means arranged to receive/transmit communication signals. Terminal devices arranged to communicate over a wireless interface may be referred to as "wireless communication terminals", "wireless terminals" or "mobile terminals". Examples of mobile terminals include, but are not limited to, satellites or cellular telephones; tablet computers that may include a radiotelephone, pager, internet/intranet access, web browser, and/or a global positioning system (Global Positioning System, abbreviated as GPS) receiver. The terminal equipment can be a smart phone, a notebook computer or a tablet computer, and the embodiment of the application does not limit the terminal equipment and can be selected according to actual conditions.
The electronic device may be a server or a mainframe computer having functions of receiving, transmitting and storing, and the embodiment of the present application does not limit the electronic device and may be selected according to actual situations.
It should be noted that the above scenario is only an illustration of an application scenario provided by the embodiment of the present application, and the embodiment of the present application does not limit the actual forms of various devices included in the application scenario, nor limit the interaction modes between the devices, and in a specific application of the scheme, the embodiment of the present application may be set according to actual requirements.
The technical scheme of the application is described in detail through specific embodiments. It should be noted that the following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments.
Fig. 5a is a flowchart of a first embodiment of a processing method for address book visibility, as shown in fig. 5a, where the processing method for address book visibility specifically includes the following steps:
s501: and receiving an information inquiry request sent by the terminal equipment of the user, wherein the information inquiry request comprises the identification of the user.
After the management user configures the permission rules for the set to which the user belongs, the user can use the terminal equipment to inquire information of other users through the address book or check information seen by the user, and the terminal equipment can send an information inquiry request to the electronic equipment.
In this step, after the terminal device sends an information query request to the electronic device, the electronic device may receive the information query request, where the information query request includes the identifier of the user, so that the subsequent electronic device searches, according to the identifier of the user, the permission rule of the set to which the user belongs.
It should be noted that, the user identifier may be a name of the user or a number of the user, and the embodiment of the present application does not limit the user identifier, and may be selected according to practical situations.
S502: and acquiring authority rules corresponding to at least one set to which the user belongs from a database according to the identification of the user, wherein the authority rules comprise all the authorities set in a visible mode and/or the authorities set in an invisible mode.
In this step, after the electronic device receives the information query request sent by the terminal device, before the user queries, the management user configures the permission rule for the set to which the user belongs through other terminal devices, and sends the configuration permission rule to the electronic device, and the electronic device stores the configuration permission rule in the database.
The types of the collections to which the users belong include an organization collection, a role collection, a label collection and other collections, wherein the collection in the organization collection is a collection formed by users of departments in the organization, the user collection of each department is an organization collection, the user collection of one role is a role collection, the user collection of one label is a label collection, and the user collection of one other collection is another collection.
S503: and determining at least one visible white list set and at least one invisible black list set of the user according to the authority rule, wherein each set to which the user belongs corresponds to one black list set and one white list set.
In this step, after the electronic device obtains the permission rule, at least one white list set visible to the user and at least one invisible black list set can be determined according to the permission rule, where each set to which the user belongs corresponds to one black list set and one white list set.
Specifically, for each set to which a user belongs, generating a white list set visible to the user and a black list set invisible to the user corresponding to the set according to the authority rule corresponding to the set; the white list set corresponding to each set comprises a main white list set and an attribute white list set, and the black list set corresponding to each set comprises a main black list set and an attribute black list set.
For example, for a role set, the corresponding subject rule is the person in the visible set a and the user a in the invisible set a, and the set a has the user a, the user b, the user c and the user t, then the corresponding subject whitelist set is { b, c and t }, and the corresponding subject blacklist set is { a }; the attribute rules corresponding to the role set are visible attribute 1, attribute 2 and attribute 3, and invisible attribute 4, and the corresponding attribute white list set is { attribute 1, attribute 2, attribute 3}, and the corresponding attribute black list set is { attribute 4}.
For one label set, the corresponding subject rule is that people in a visible set B and users in an invisible set C are five, and users in the set B are six, seven and eight, then the corresponding subject white list set is { six, seven and eight }, and the corresponding subject black list set is { five }; the attribute rules corresponding to the tag set are visible attribute 5, attribute 6 and attribute 7, and invisible attribute 5, and the corresponding attribute whitelist set is { attribute 6, attribute 7}, and the corresponding attribute blacklist set is { attribute 5}.
For one other set, the corresponding subject rule is that the people in the visible set D and the users in the invisible set E are the people in the visible set D, and the users A, B and octyl are in the set D, then the corresponding subject white list set is { A, B and octyl }, and the corresponding subject black list set is { pentyl }; the attribute rules corresponding to the other sets are visible attribute 1, attribute 2 and attribute 7, and invisible attribute 5, and the corresponding attribute whitelist set is { attribute 1, attribute 2, attribute 7}, and the corresponding attribute blacklist set is { attribute 5}.
For an organization set, the corresponding subject rule is that any person cannot see user A in the organization set, the user of the organization set can see user A of the organization set, the user of the organization set comprises A, B, C and T, for user B, the corresponding subject white list set of the organization set to which the organization set belongs is { B, C and T }, and the corresponding subject blacklist set is { A }; the attribute rules corresponding to the organization set are visible attribute 1, attribute 2 and attribute 7, and invisible attribute 2, and the corresponding attribute whitelist set is { attribute 1, attribute 7}, and the corresponding attribute blacklist set is { attribute 2}.
It should be noted that, for the authority rule, an invisible priority mode is adopted, for example, the authority rule is that the set of users can see the set of users, the set of users cannot see the user A, and the set of users have the first, second, third and fourth. For user C, according to the authority rules, user C can see user A, and at the same time, user C cannot see user A, and then according to the invisible priority, user C cannot see user A. Therefore, the set of the main white lists corresponding to the set of the user C is { B, C and T }, and the main black list is { A }.
It should be noted that, the above examples merely illustrate determining, according to the permission rule, at least one white list set visible to the user and at least one black list set invisible to the user, and the embodiment of the present application does not specifically limit the permission rule, and may be set according to actual situations.
S504: and calculating a visibility set corresponding to the user according to the priority of the authority rule corresponding to each type set in at least one set, at least one blacklist set and at least one whitelist set, wherein the visibility set comprises all visible main body information and/or attribute information of the user.
In this step, after the electronic device determines at least one blacklist set visible to the user and at least one blacklist set invisible to the user, for each type of set in the at least one set, a blacklist set and a whitelist set corresponding to each type of set are respectively obtained, and then according to priorities of authority rules corresponding to each type of set, according to the order of lowest priority, the whitelist set and the blacklist set corresponding to each priority set are sequentially logically calculated according to the order of highest priority, so as to obtain a visibility set corresponding to the user, wherein the visibility set comprises all visible subject information and/or attribute information of the user, and the visibility set comprises a subject visibility set and an attribute visibility set.
S505: and according to the visibility set, returning information queried by the user to the terminal equipment.
In the step, after the electronic device obtains the visibility set, if the information query request further includes the identifier of the other user, it is stated that the user wants to query the information of the other user, the electronic device judges whether the other user is in the main visibility set according to the main visibility set, if the other user is in the main visibility set, the attribute information of the other user is obtained according to the attribute visibility set, and then the attribute information is returned to the value terminal device for the user to view; if the other user is not in the main visibility set, an invisible prompt message is returned to the terminal equipment to prompt the user that the other user is invisible. If the information inquiry request does not include the identification of other users, the user is required to inquire all the information which is authorized to inquire, and the visibility set is returned to the terminal equipment for the user to check.
Fig. 5b is a schematic flow chart of a processing scheme of address book visibility according to an embodiment of the present application; before the user queries information, as shown in fig. 5b, the user needs to be managed to configure the organization set authority rule, the role set authority rule, the label set authority rule and other set authority rules through other terminal devices, after the user is managed to configure the authority rule, the other terminal devices send the authority rule to the message middleware, the message middleware sends the authority rule to the electronic device, and the electronic device stores the authority rule to the database. The user inquires information through the terminal equipment, the terminal equipment sends an information inquiry request to the electronic equipment, the electronic equipment acquires corresponding authority rules from the database according to the identification of the user in the information inquiry request, and then the visibility set of the user is obtained and then sent to the terminal equipment.
According to the processing method for the visibility of the address book, the permission rules are configured in an invisible mode of a visible mode, when a user wants to inquire information, the information inquiry request is sent to the electronic device through the terminal device, the electronic device obtains the permission rules of the set to which the user belongs according to the user identification in the information inquiry request, further a corresponding black-and-white list set is obtained, and finally the visibility set of the user is obtained according to the black-and-white list set. Compared with the prior art that the visibility set is configured by using the visible mode and the visibility set is calculated by using the white list set, the configuration flexibility is improved by adopting the visible mode and the invisible mode to configure the visibility set and using the white list set and the black list set, the configuration of the refusal permission of certain information can be performed, and subtraction in the set can be realized.
Fig. 6 is a schematic flow chart of a second embodiment of a processing method for address book visibility, as shown in fig. 6, based on the foregoing embodiment, step S502 in the foregoing embodiment may be implemented by the following steps:
S601: and acquiring at least one set to which the user belongs according to the identification of the user, wherein the type of the at least one set comprises at least one type of organization set, role set, label set and other sets.
In this step, after the electronic device receives the information query request sent by the terminal device, the electronic device stores a set formed by the users in the organization, so that at least one set to which the users belong can be obtained according to the identification of the users, and the types of the at least one set include at least one type of the organization set, the role set, the label set and other sets.
S602: and inquiring and acquiring a main rule and an attribute rule corresponding to each set from rules prestored in a database aiming at each set to which the user belongs.
In this step, after the electronic device obtains at least one set to which the user belongs, before the user queries information, the management user configures a permission rule for each set and sends the permission rule to the electronic device for storage through other terminal devices, so that the electronic device queries, for each set to which the user belongs, a main rule and an attribute rule corresponding to the obtained set from rules stored in advance in a database. So that the corresponding main black-and-white list set and attribute black-and-white list set are generated according to the main rules and the attribute rules.
It should be noted that, the authority rule corresponding to each set to which the user belongs includes a main rule and an attribute rule corresponding to the set, and the main rule includes: the users within the collection may be visible and/or invisible to the permissions of the users of the collection, the users of the collection may be visible and/or invisible to the permissions of the users of other collections, the users of the collection may be visible and/or invisible to the permissions of the users of the collection, the users of other collections may be visible and/or invisible to the permissions of the users of the collection; the attribute rules include rights for visible and/or invisible attributes of the users of the collection.
Illustratively, the rights of the users in the set visible and/or invisible to the users in the set in the subject rule are exemplified, the set is a set of roles a, the roles a include users a, b, c, and d, the users in the set visible and/or invisible to the users in the set may be users in the roles a visible and/or invisible to the users in the roles a, including all users in the roles a visible and/or invisible to all users in the roles a, i.e., users a, b, c, and d may be visible and/or invisible to a, b, c, and d. It is also included that all users in character a may and/or may not see a certain user in character a, i.e., users a, b, c, d may and/or may not see a certain user in a, b, c, d.
By way of example, the permissions of users of other sets of the set of body rules that are visible and/or invisible to the users of the set are exemplified as set of labels a, which include users a, b, c, and t, and users of other sets of the set that are visible and/or invisible to the users of the set are users of the other sets that are visible and/or invisible to the users of the label a, i.e., users a, b, c, and t can see and/or cannot see the users within the other sets.
By way of example, the permissions of other users in the subject rule that are visible and/or invisible to the users of the set are exemplified as sets of other types set a, the other types set a including users a, b, c, and d, the other users being users v, the users of the set being visible and/or invisible to the other users of the set being users in the other types set a that are visible and/or invisible to the users v, i.e. users a, b, c, and d are visible and/or invisible to the users v.
By way of example, the permissions of users of other sets of the subject rules that are visible and/or invisible to the users of the set are exemplified as a set of organization set a, which includes users a, b, c, and d, users of other sets being visible and/or invisible to the users of other sets being visible and/or invisible to the users of other sets in organization set a, i.e., users a, b, c, and d being visible and/or invisible to the users a, b, c, and d.
By way of example, the permissions of users of the set that are visible and/or invisible to other users in the subject rules are exemplified as a set of organization set a, which includes users a, b, c, and d, other users being users v, users of the set that are visible and/or invisible to other users being users of the set a that are visible and/or invisible to other users, i.e., users v being able to see and/or invisible to a, b, c, and d.
By way of example, the permissions of the visible and/or invisible attributes of the users of the set in the attribute rule are exemplified, the set is a role set a, the role set a includes users a, b, c, and d, the visible and/or invisible attributes are attributes 1 and 2, and the visible and/or invisible attributes of the users of the set are visible and/or invisible attributes 1 and 2.
It should be noted that, the above examples are only examples of the permission rules, and the permission rules may also include permissions of all users visible and/or invisible to the users in the set, and the permissions of all users visible and/or invisible to the users in the set.
According to the address book visibility processing method, the set to which the user belongs is obtained according to the user identification, the main body rule and the attribute rule corresponding to the set are obtained from the database according to the set, the main body rule and the attribute rule are configured in at least one of a visible mode and an invisible mode, flexibility of configuration permission is effectively improved, meanwhile, a white list set and a black list set can be generated by using the permission rule, and subtraction of the set to generate the visibility set can be achieved.
Fig. 7 is a schematic flow chart of a third embodiment of a processing method for address book visibility, as shown in fig. 7, based on the foregoing embodiment, step S504 in the foregoing embodiment may be implemented by the following steps:
S701: and respectively acquiring a blacklist set and a whitelist set corresponding to each type of set aiming at each type of set in at least one set, wherein the blacklist set corresponding to each type of set comprises a main blacklist set and an attribute blacklist set of the type set, and the whitelist set corresponding to each type of set comprises a main whitelist set and a main whitelist set of the type set.
In this step, after determining the white list set and the black list set of the set to which the user belongs, the electronic device determines that each set corresponds to one type, where the types are: organizing the collection, the role collection, the label collection and other collections, so that the union of the main white list collections of each type of collection is determined to be the main white list collection corresponding to the type of collection, and the union of the attribute white list collections of each type of collection is determined to be the attribute white list collection corresponding to the type of collection. And determining the union of the main blacklist sets of each type of set as the main blacklist set corresponding to the type of set, and determining the union of the attribute blacklist sets of each type of set as the attribute blacklist set corresponding to the type of set. The blacklist set corresponding to each type of set comprises a main blacklist set and an attribute blacklist set of the type set, and the whitelist set corresponding to each type of set comprises a main whitelist set and a main whitelist set of the type set.
The user belongs to the group consisting of a group A, a group B, a group C, a group D and a group E, the group A and the group B are organization groups, and the group C, the group D and the group E are role types.
For example, the set of main whitelists corresponding to the set a is { user 1, user 2, user 5}, the set of main blacklists is { user 3}, the set of attribute whitelists is { attribute 1, attribute 3}, the set of attribute blacklists is { attribute 4}, the set of main whitelists corresponding to the set B is { user 1, user 2, user 3}, the set of main blacklists is { user 7}, the set of attribute whitelists is { attribute 1}, the set of attribute blacklists is { attribute 4, attribute 5}, the set of main whitelists corresponding to the organization type set is { user 1, user 2, user 3, user 5}, the set of main blacklists is { user 3, user 7}, the set of attribute whitelists is { attribute 1, attribute 3}, the set of attribute blacklists is { attribute 4, attribute 5}.
For example, the set C corresponds to the set of the subject whitelist { user 1, user 3, user 5}, the set of the subject blacklist { user 4}, the set of the attribute whitelist { attribute 1, attribute 2}, the set of the attribute blacklist { attribute 4}, the set D corresponds to the set of the subject whitelist { user 1, user 2, user 3}, the set of the subject blacklist { user 5}, the set of the attribute whitelist { attribute 1, attribute 3}, the set of the attribute blacklist { attribute 4, attribute 5}, the set E corresponds to the set of the subject whitelist { attribute 3}, the set of the subject blacklist { attribute 2}, the set of the attribute whitelist { attribute 4}, the set of the attribute blacklist { attribute 5, attribute 7}, the set of the subject whitelist { attribute 1, user 2, user 3, user 5}, the set of the subject blacklist { attribute 2, user 4, user 5}, the set of the attribute whitelist { attribute 1, attribute 2, attribute 3, attribute 4}, and attribute 7.
S702: according to the priority of the authority rule corresponding to each type set, sequentially carrying out logic calculation on the white list set and the black list set corresponding to each priority set according to the sequence from the lowest priority to the highest priority, and obtaining a visibility set corresponding to a user, wherein the visibility set comprises a main visibility set and an attribute visibility set.
In this step, after the electronic device obtains the blacklist set and the whitelist set corresponding to each type of set, because the priority of the authority rule corresponding to each type of set is stored in the electronic device, according to the priority, the whitelist set and the blacklist set corresponding to each priority set can be sequentially logically calculated according to the order from the lowest priority to the highest priority, so as to obtain a visibility set corresponding to the user, where the visibility set includes a main visibility set and an attribute visibility set.
Specifically, for calculating the main visibility set, firstly, subtracting the main blacklist set of the type set with the lowest priority from the main whitelist set of the type set with the lowest priority, then taking the union set with the main whitelist set of the type set with the second lowest priority, then subtracting the main blacklist set of the type set with the second lowest priority, then taking the union set with the main whitelist set of the type set with the third lowest priority, then subtracting the main blacklist set of the type set with the third lowest priority, then taking the union set with the main whitelist set of the type set with the highest priority, and then subtracting the main blacklist set of the type set with the highest priority, thus obtaining the main visibility set.
In another form, the principal visibility set is calculated using a formula, v= { [ (W4-B4)/(W3-B3)/(W2-B2)/(W1-B1), where V represents the principal visibility set, W1 represents the principal whitelist set of the highest-priority type set, B1 represents the principal blacklist set of the highest-priority type set, W2 represents the principal whitelist set of the third-low-priority type set, B2 represents the principal blacklist set of the third-low-priority type set, W3 represents the principal whitelist set of the second-low-priority type set, B3 represents the principal blacklist set of the second-low-priority type set, W4 represents the principal whitelist set of the lowest-priority type set, and B4 represents the principal blacklist set of the lowest-priority type set.
For calculating the attribute visibility set, firstly subtracting the attribute blacklist set of the type set with the lowest priority from the attribute whitelist set of the type set with the lowest priority, then merging the attribute blacklist set of the type set with the second lowest priority, then subtracting the attribute blacklist set of the type set with the second lowest priority, then merging the attribute whitelist set of the type set with the third lowest priority, then subtracting the attribute blacklist set of the type set with the third lowest priority, then merging the attribute blacklist set of the type set with the highest priority, and then subtracting the attribute blacklist set of the type set with the highest priority, thus obtaining the attribute visibility set.
In another form, the attribute visibility set is calculated using a formula v= { [ (w 4-b 4)/(w 3-b 3)/(w 2-b 2)/(w 1-b 1)/(v denotes the attribute visibility set, w1 denotes the attribute white list set of the highest priority type set, b1 denotes the attribute black list set of the highest priority type set, w2 denotes the attribute white list set of the third lowest priority type set, b2 denotes the attribute black list set of the third lowest priority type set, w3 denotes the attribute white list set of the second lowest priority type set, b3 denotes the attribute black list set of the second lowest priority type set, w4 denotes the attribute white list set of the lowest priority type set, and b4 denotes the attribute black list set of the lowest priority type set.
For example, if the set to which the user belongs is only two types, an organization set and a role set, the main white list set corresponding to the organization set is { user 1, user 2, user 3, user 5}, the main black list set is { user 3, user 7}, the attribute white list set is { attribute 1, attribute 3}, and the attribute black list set is { attribute 4, attribute 5}. The main white list set corresponding to the role set is { user 1, user 2, user 3, user 5}, the main black list set is { user 2, user 4, user 5}, the attribute white list set is { attribute 1, attribute 2, attribute 3, attribute 4}, and the attribute black list set is { attribute 4, attribute 5, attribute 7}. The priorities are in order from low to high: organizing the authority rules of the collection, the authority rules of the label collection, the authority rules of the role collection and the authority rules of other collections.
Thus, the way the set of subject visibility is calculated is: the main body blacklist set corresponding to the organization set is subtracted from the main body whitelist set corresponding to the organization set to obtain the result { user 1, user 2, user 5}, the main body whitelist set corresponding to the role set is taken as a union set to obtain the result { user 1, user 2, user 3, user 5}, and the main body blacklist set corresponding to the role set is subtracted to obtain the result { user 1, user 3}, so the main body visibility set is { user 1, user 3}.
The manner in which the set of property visibility is calculated is: the attribute white list set corresponding to the organization set is subtracted from the attribute black list set corresponding to the organization set, the obtained result is { attribute 1, attribute 3}, the union set is taken from the attribute white list set corresponding to the role set, the obtained result is { attribute 1, attribute 2, attribute 3, attribute 4}, the obtained result is subtracted from the attribute black list set corresponding to the role set, and the obtained result is { attribute 1, attribute 2, attribute 3}, so the attribute visibility set is { attribute 1, attribute 2, attribute 3}.
For example, if the set to which the user belongs is of four types, the organization set, the role set, the label set and other sets, the main white list set corresponding to the organization set is { user 1, user 2, user 5}, the main black list set is { user 5}, the attribute white list set is { attribute 1, attribute 3}, and the attribute black list set is { attribute 3, attribute 5}. The main white list set corresponding to the role set is { user 1, user 5}, the main blacklist set is { user 2}, the attribute white list set is { attribute 1, attribute 4}, and the attribute blacklist set is { attribute 5, attribute 7}. The main white list set corresponding to the label set is { user 1, user 5, user 7}, the main black list set is { user 2, user 3}, the attribute white list set is { attribute 1, attribute 3, attribute 4}, and the attribute black list set is { attribute 5, attribute 6, attribute 7}. The main white list set corresponding to other sets is { user 1, user 2, user 5}, the main black list set is { user 2, user 7}, the attribute white list set is { attribute 1, attribute 2, attribute 4}, and the attribute black list set is { attribute 3, attribute 5, attribute 7}. The priorities are in order from low to high: other sets of authority rules, an organization set of authority rules, a label set of authority rules and a role set of authority rules.
Thus, the way the set of subject visibility is calculated is: the main body white list set corresponding to other sets is subtracted from the main body blacklist set corresponding to other sets to obtain the result { user 1, user 5}, the main body white list set corresponding to the organization set is taken as a union set, the obtained result { user 1, user 2, user 5}, the main body blacklist set corresponding to the organization set is subtracted from the main body blacklist set corresponding to the organization set to obtain the result { user 1, user 2}, the main body white list set corresponding to the label set is taken as a union set, the obtained result { user 1, user 2, user 5, user 7}, the main body blacklist set corresponding to the label set is subtracted from the main body blacklist set corresponding to the role set to obtain the result { user 1, user 5, user 7}, and the main body visibility set is { user 1, user 5, user 7}.
The manner in which the set of property visibility is calculated is: the attribute white list set corresponding to the other sets is subtracted by the attribute black list set corresponding to the other sets, the obtained result is { attribute 1, attribute 2, attribute 4}, the obtained result is { attribute 1, attribute 2, attribute 3, attribute 4}, the obtained result is { attribute 1, attribute 2, attribute 4}, the obtained result is { attribute 1, attribute 2, attribute 3, attribute 4}, the obtained result is { attribute 1, attribute 3, attribute 4}, the obtained result is { attribute 2, attribute 3, attribute 4}, the obtained result is { attribute 1, attribute 2, attribute 3, attribute 4}, the obtained result is { attribute black list set corresponding to the label set.
It should be noted that, the embodiment of the present application does not limit the number of the collection types to which the user belongs, and the number may be one or four, and may be determined according to actual situations.
It should be noted that, before the implementation of the scheme, the priority of the authority rule corresponding to each type set is set in the electronic device by the management user, and is used for calculating the visibility set of the user according to the priority. The priority of the authority rule corresponding to each type set can be from low to high: organizing the authority rules of the collection, the authority rules of the label collection, the authority rules of the role collection and the authority rules of other collections; it is also possible that: other sets of authority rules, label sets of authority rules, role sets of authority rules, and organization sets of authority rules. The embodiment of the application does not limit the priority, and can be set according to actual conditions.
According to the address book visibility processing method provided by the embodiment, the blacklist set and the whitelist set corresponding to each type set are calculated, and the visibility set of the user is obtained by combining the priority of the authority rule of each type set. The visibility set of the user is calculated through the blacklist set and the whitelist set, so that the visibility set can be successfully calculated when some information users have no right to view and the users cannot view some users.
Fig. 8a is a flow chart of a fourth embodiment of a processing method for address book visibility, as shown in fig. 8a, where, on the basis of the foregoing embodiment, when a set to which a user belongs is an organization set, step S701 in the foregoing embodiment may be implemented by the following steps:
S801: and traversing the main body white list set of the node where the user is located and the main body white list set of the child node under the node where the user is located in the organization architecture where the user is located downwards, traversing the main body white list set of the parent node of the upper level of the node where the user is located and the main body white list sets of other nodes under the parent node of the upper level, traversing the main body white list sets of the parent node of the upper level of the node where the user is located and the main body white list sets of other nodes under the parent node of the upper level of the node, iterating upwards step by step in the mode of the step until reaching the root node of the organization architecture, and obtaining the main body white list set corresponding to the set of the organization type.
In this step, since the organization architecture is a tree structure formed by multiple levels of architectures, the root node is the uppermost organization where the user is located, each level of nodes from the root node down represents the subordinate organization of the upper level, and each level of nodes includes subordinate users and/or subordinate organizations. When the set of the user is an organization set, the method for calculating the main white list set of the user in the set is as follows: the method comprises the steps of firstly obtaining a main body white list set of a node where a user is located, traversing the next level node of the node where the user is located downwards, judging whether the user can see all users in the next level node, if the user can not see all users in the next level node, not updating the main body white list set, and not traversing the node under the next level node downwards. If the user can see the user in the next level node, the main body white list set of the user in the next level node and the main body white list set of the node where the user is located are combined to obtain a new main body white list set. And traversing downwards in sequence until no next-level node exists.
After traversing the lower node of the node where the user is located, iterating upwards to the upper parent node of the node where the user is located, judging whether the user sees all users in the upper parent node, if the user does not see all users in the upper parent node, not updating the main white list set, not traversing downwards the node below the upper parent node, and iterating upwards to the parent secondary node of the node where the user is located.
If the user can see the user in the parent node at the upper level, a new main body white list set is obtained according to the union set of the main body white list set of the user in the parent node at the upper level and the main body white list set updated by the user. And traversing nodes except the node where the user is and the node below the node in sequence downwards, judging whether the user sees all users in the node, if the user does not see all users in the node, not updating the main white list set, and not traversing the node below the level node downwards. If the user can see the user in the node, the main white list set of the user in the node and the updated white list set of the user are combined to obtain a new main white list set. And traversing downwards in sequence until no next level node exists, and iterating upwards to a father level node of the node where the user is located.
And iterating upwards step by step according to the method until reaching the root node of the organization architecture, and obtaining a main white list set corresponding to the set of the organization set type.
S802: firstly traversing the main body white list set of the node where the user is located and the main body black list set of the child node under the node where the user is located downwards in the organization framework where the user is located, then traversing the main body black list set of the parent node of the upper level of the node where the user is located and the main body black list sets of other nodes under the parent node of the upper level, and then traversing the main body black list sets of the parent node of the upper level of the node where the user is located and the main body black list sets of other nodes under the parent node of the upper level of the node, iterating upwards step by step in the mode of the step until reaching the root node of the organization framework, and obtaining the main body black list set corresponding to the set of the organization set type.
In this step, when the set where the user is located is an organization set, the manner of calculating the main blacklist set of the set is as follows: firstly, acquiring a main blacklist set of a node where a user is located, traversing the next level node of the node where the user is located downwards, judging whether the user can see all users in the next level node, if the user can not see all users in the next level node, not updating the main blacklist set, and not traversing the node under the next level node downwards. If the user can see the user in the next level node, the main blacklist set of the user in the next level node is combined with the main blacklist set of the node where the user is located, and a new main blacklist set is obtained. And traversing downwards in sequence until no next-level node exists.
After traversing the lower node of the node where the user is located, iterating upwards to the upper parent node of the node where the user is located, judging whether the user sees all users in the upper parent node, if the user does not see all users in the upper parent node, not updating the main blacklist set, not traversing the node below the upper parent node downwards, and iterating upwards to the parent secondary node of the node where the user is located.
If the user can see the user in the parent node at the upper level, a new main blacklist set is obtained according to the union of the main blacklist set of the user in the parent node at the upper level and the main blacklist set updated by the user. And traversing nodes except the node where the user is and the node below the node in sequence downwards, judging whether the user sees all users in the node, if the user does not see all users in the node, not updating the main blacklist set, and not traversing the node below the level node downwards. If the user can see the user in the node, the main blacklist set of the user in the node and the blacklist set updated by the user are combined to obtain a new main blacklist set. And traversing downwards in sequence until no next level node exists, and iterating upwards to a father level node of the node where the user is located.
And iterating upwards step by step according to the method until reaching the root node of the organization architecture, and obtaining a main blacklist set corresponding to the set of the organization set type.
By way of example, the subject whitelist set and the subject whitelist set corresponding to the set of the acquisition fabric set type are exemplified below.
Fig. 8b is an architectural diagram provided in the embodiment of the present application, as shown in fig. 8b, a user U001 wants to query other user information, and two nodes where U001 is located, that is, two sets where U001 is located are respectively 2.1.1 and 2.2.1.2, and two nodes are respectively described below.
For node 2.2.1.2, the corresponding permission rules are that all users and all people in the set are visible to the set, and U002 and U004 are not visible to the set, so for user U001, the corresponding main body white list set is { U001, U003, U005}, and the main body black list set is { U002, U004}. Traversing the nodes below 2.2.1.2, namely node 2.2.1.2.1 and node 2.2.1.2.2, for node 2.2.1.2.1, the corresponding rule authority is that all users in the set are visible for other sets, so that user U001 can see users in node 2.2.1.2.1, the main white list of node U001 is set { U006, U007, U008}, the main black list set is null, so that the main white list set of updated U001 is { U001, U003, U005, U006, U007, U008}, and the main black list set is unchanged. For node 2.2.1.2.2, the corresponding rule authority is that all users in this set are not visible to other sets, so user U001 does not see all users in node 2.2.1.2.2, and does not update the subject whitelist set and the subject blacklist set. The main white list set of U001 is { U001, U003, U005, U006, U007, U008}, and the main black list set is { U002, U004}.
The parent node of the previous level, namely node 2.2.1, is iterated upwards, the authority rule of the node is that all people can see all users in the set, so U001 can see all users in the set, no direct user exists under the node, namely the main white list set and the main blacklist set are empty sets, the main white list set of the user U001 is still { U001, U003, U005, U006, U007, U008}, and the main blacklist set is still { U002, U004}. Nodes except for the nodes under 2.2.1.2 and 2.2.1.2, namely the nodes 2.2.1.1 and the nodes 2.2.1.3 are traversed downwards, and for the nodes 2.2.1.1, the corresponding permission rule is that all users in the set are invisible to all persons, so that all users in the set are invisible to U001, the white list set and the black list combination are not updated, and the set under the nodes 2.2.1.1 is not traversed continuously. For node 2.2.1.3, the corresponding permission rule is that all users in the set are visible to all people, U001 is invisible to U202, so U001 is visible to users in the set, the main body whitelist of the node U001 is set { U200, U201}, the main body blacklist set is { U202}, so the main body whitelist set of updated U001 is { U001, U003, U005, U006, U007, U008, U200, U201}, and the main body blacklist set is { U002, U004, U202}. And traversing the nodes under 2.2.1.3, namely node 2.2.1.3.1, wherein the corresponding authority rule is that the users in the set are visible to the users in the set, so that U001 cannot see all the users in the set, the white list set and the black list set are not updated, and the set under the node 2.2.1.3.1 is not continuously traversed. To this end, the set of main whitelists of U001 is { U001, U003, U005, U006, U007, U008, U200, U201}, and the set of main blacklists is { U002, U004, U202}.
The parent node of the upper two stages is iterated upwards, namely node 2.2, the authority rule of the node is that all users in the set are visible in the set, so that U001 can see all users in the set, no directly-affiliated users exist under the node, namely the main body white list set and the main body blacklist set are empty sets, the main body white list set of the user U001 is still { U001, U003, U005, U006, U007, U008, U200, U201}, and the main body blacklist set is still { U002, U004, U202}. Nodes except the nodes under 2.2.1 and 2.2.1, namely the node 2.2.2 are traversed downwards, the corresponding permission rules are the users in the U001 visible set and other set invisible set users, and according to invisible priority, all the users in the U001 invisible set are not updated, the combination of a white list set and a black list is not updated, and the traversing of the set under the node 2.2.2 is not continued. To this end, the set of main whitelists of U001 is { U001, U003, U005, U006, U007, U008, U200, U201}, and the set of main blacklists is { U002, U004, U202}.
The method comprises the steps of iterating upwards to an upper-level father node, namely a node 2, wherein the authority rule of the node is that all users in the set are invisible to all people, so that all users in the set are invisible to U001, the combination of a white list set and a black list is not updated, and the set under the node 2 is not continuously traversed. To this end, the set of main whitelists of U001 is { U001, U003, U005, U006, U007, U008, U200, U201}, and the set of main blacklists is { U002, U004, U202}. And then iterating upwards to the ROOT node ROOT, ending the calculation, wherein the main body white list set of U001 is { U001, U003, U005, U006, U007, U008, U200, U201}, and the main body black list set is { U002, U004, U202}.
For node 2.1.1, the corresponding permission rule is that all users in the set are visible to the set, namely, U001 is visible to the users in the set, the main body white list set of the user U001 is { U001, U403, U404, U405}, and the main body black list set is an empty set. There are no subordinate nodes below and an up iteration is required.
Iterating up to node 2.1, where the corresponding permission rule is that all users in the set are visible in the set, U001 is not visible U003, and U001 is the user in the set, where the main whitelist of node U001 is set { U400, U401}, and the main blacklist set is { U003}, so that the main whitelist set of updated U001 is { U001, U403, U404, U405, U400, U401}, and the main blacklist set is { U003}. There are no other subordinate nodes below node 2.1 except node 2.1.1, and an up iteration is required.
The node iterates upwards to the node 2, and the authority rule of the node is that all users in the set are invisible to all people, so that all users in the set are invisible to U001, the combination of the white list set and the black list is not updated, and the set under the node 2 is not continuously traversed. The set of the main white lists of U001 is { U001, U403, U404, U405, U400, U401}, and the set of the main black lists is { U003}. And then iterating upwards to the ROOT node ROOT, ending the calculation, wherein the main body white list set of U001 is { U001, U403, U404, U405, U400, U401}, and the main body black list set is { U003}.
It should be noted that, the above examples are only examples of calculating the main white list set and the main blacklist set when the set to which the computing user belongs is an organization set, and the embodiment of the present application does not limit the organization structure and the node authority, and may be set according to practical situations.
S803: and taking the union set of all the main body white list sets corresponding to the set of the organization set type to obtain the main body white list set corresponding to the set of the organization type.
S804: and taking the union set of all the main blacklist sets corresponding to the set of the organization set type to obtain the main blacklist set corresponding to the set of the organization type.
In the above steps, after the electronic device obtains the main white list set and the main black list set of the user in each set in the organization set, the union set is obtained from all the main white list sets corresponding to the set of the organization set type to obtain the main white list set corresponding to the set of the organization type, and the union set is obtained from all the main black list sets corresponding to the set of the organization set type to obtain the main black list set corresponding to the set of the organization type.
Illustratively, based on the example in step S802, the set of the body whitelists of the user U001 in the set 2.2.1.2 is { U001, U003, U005, U006, U007, U008, U200, U201}, and the set of the body blacklists is { U002, U004, U202}. The main white list of the user U001 in the set 2.1.1 is { U001, U403, U404, U405, U400, U401}, and the main black list set is { U003}. Therefore, the set of the organization types corresponds to the set of the subject whitelists { U001, U003, U005, U006, U007, U008, U200, U201, U403, U404, U405, U400, U401}, and the set of the organization types corresponds to the set of the subject blacklists { U002, U004, U202, U003}.
S805: and taking the union set of all the attribute blacklist sets corresponding to the set of the organization set type to obtain the attribute blacklist set corresponding to the set of the organization type.
S806: and taking the union set of all the attribute white list sets corresponding to the set of the organization types to obtain the attribute white list set of the organization types.
In the above steps, after the electronic device obtains the attribute white list set and the attribute black list set of the user in each set in the organization set, the electronic device obtains the attribute black list set corresponding to the organization type set by taking the union set from all the attribute black list sets corresponding to the organization type set, and obtains the attribute white list set of the organization type set by taking the union set from all the attribute white list sets corresponding to the organization type set.
Illustratively, based on the example in step S802, user U001 has { Attribute 1, attribute 2, attribute 3} in the Attribute white list set of set 2.2.1.2, attribute black list set of { Attribute 5}. The attribute white list of the user U001 in the set 2.1.1 is { attribute 1, attribute 3, attribute 4}, and the attribute black list set is { attribute 7}. Therefore, the set of attribute whitelists corresponding to the set of organization types is { attribute 1, attribute 2, attribute 3, attribute 4}, and the set of attribute blacklists corresponding to the set of organization types is { attribute 5, attribute 7}.
In the step S801 and the step S802, the order of acquiring the main white list set and the main black list set of the user in each set may be that the main white list set is acquired first and then the main black list set is acquired, or that the main black list set is acquired first and then the main white list set is acquired, or that the main black list set is combined with the main white list set and acquired simultaneously. The embodiment of the application does not limit the sequence of acquiring the main body white list set and the main body black list set of the user in each set, and can be set according to actual conditions.
The execution sequence of step S803 and step S804 may be executed first step S803 and then step S804, may be executed first step S804 and then step S805, or may be executed simultaneously step S803 and step S804. The embodiment of the present application does not limit the execution sequence of step S803 and step S804, and may be set according to actual situations.
It should be noted that, for the execution sequence of step S805 and step S806, step S805 may be executed first and then step S806 may be executed, step S806 may be executed first and then step S805 may be executed, or step S805 and step S806 may be executed simultaneously. The embodiment of the present application does not limit the execution sequence of step S805 and step S806, and may be set according to actual situations.
According to the address book visibility processing method provided by the embodiment, the main body white list set and the main body blacklist set of the user in each organization set are obtained in a traversing and iteration mode, and then the main body white list set and the main body blacklist set corresponding to the organization set are obtained. The white list and the black list are obtained in the process of calculating the visibility set of the user, so that the visibility set can be successfully calculated when some information users have no right to view and the user cannot view some users.
Fig. 9 is a flow chart of a fifth embodiment of a processing method for address book visibility, as shown in fig. 9, on the basis of the foregoing embodiment, when a set to which a user belongs is a role set, a label set, and any one of other sets, step S701 in the foregoing embodiment three may be implemented by:
S901: and aiming at any type of set in the character set, the label set and the other sets in at least one set, and taking all blacklist sets corresponding to the type set out of the union sets to obtain the blacklist set corresponding to the type set.
S902: and taking the union set of all the white list sets corresponding to the type sets to obtain the white list set of the type set.
In the above step, for any one type of the character set, the tag set and the other set in at least one set, if there are multiple sets under the type, each set will have a white list set and a black list set, the white list set is divided into a main white list set and an attribute white list set, and the black list set is divided into a main black list set and an attribute black list set. And taking the union of all the main blacklist sets corresponding to the type sets to obtain main blacklist sets corresponding to the type sets, taking the union of all the attribute blacklist sets corresponding to the type sets to obtain attribute blacklist sets corresponding to the type sets, taking the union of all the main whitelist sets corresponding to the type sets to obtain main whitelist sets corresponding to the type sets, and taking the union of all the attribute whitelist sets corresponding to the type sets to obtain attribute whitelist sets corresponding to the type sets.
For example, for the role set, there are two sets under the type, set a and set B, respectively, the main white list set corresponding to set a is { user 1, user 2, user 3}, the main black list set is { user 4}, the attribute white list is { attribute 1, attribute 2}, and the attribute black list is { attribute 3}. The main white list set corresponding to the set B is { user 1, user 5}, the main black list set is { user 6}, the attribute white list is { attribute 1}, and the attribute black list is { attribute 5}. The main white list corresponding to the role set is { user 1, user 2, user 3, user 5}, the main black list is { user 4, user 6}, the attribute white list corresponding to the role set is { attribute 1, attribute 2}, and the attribute black list is { attribute 3, attribute 5}.
According to the processing method for the address book visibility, the white list and the black list are obtained in the process of calculating the visibility set of the user, so that the visibility set can be successfully calculated when some information users cannot view the information users and the users cannot view the information users.
Fig. 10a is a flowchart of a sixth embodiment of a processing method for address book visibility, where, as shown in fig. 10a, before receiving an information query request sent by a terminal device of a user, the processing method for address book visibility further includes the following steps:
s1001: acquiring at least one access authority rule configured by a management user for the user through other terminal equipment; the access permission rules comprise permission rules configured for at least one set to which the user belongs in a visible mode or an invisible mode.
Access permission rules configured for the user are required before the user wants to query the information using the address book.
In the step, the management user can configure access authority rules for the user through other terminal equipment; the access permission rules comprise permission rules configured for at least one set to which the user belongs in a visible mode or an invisible mode. And then the access right rule is sent to the electronic equipment, and the electronic equipment can receive the access right rule.
Specifically, the electronic device may obtain, through the set message middleware, at least one access permission rule configured by the management user to the user through the other terminal device. After the access right rule is configured, the management user can send the access right rule to the message middleware, and the message middleware sends the access right rule to the electronic equipment.
Fig. 10b is an interface schematic diagram of an access right rule of a configuration organization set according to an embodiment of the present application. As shown in fig. 10b, the access right rule can be configured at this interface, and the configuration is more convenient by combining the main rule and the supplementary rule.
It should be noted that, fig. 10b is only a schematic illustration of an interface for configuring access right rules of an organization set, and the embodiment of the present application does not limit a manner and an interface for configuring access right rules of an organization set, and may be selected according to practical situations.
S1002: the access right rules are stored in a database.
In this step, after the electronic device obtains the access right rule, the access right rule is stored in the database, so that the access right rule can be called from the database when the user inquires information later.
It should be noted that the access permission rule includes at least one of the following permission rules: the authority rules corresponding to the organization sets, the authority rules corresponding to the role sets, the authority rules corresponding to the label sets and the authority rules corresponding to other sets.
According to the address book visibility processing method provided by the embodiment, before a user uses address book query information, a management user can well configure access right rules, and the access right rules are sent to electronic equipment and stored in a database. During configuration, visible and invisible modes are used for configuration, so that the flexibility of configuration permission is effectively improved. In addition, in the process of sending the authority rule configuration to the electronic equipment, message middleware is used, so that the transmission efficiency is higher.
In the following, a seventh embodiment of the processing method for address book visibility provided by the present application is described, where in this embodiment, a user wants to view his authority range, that is, can see which users and which attribute information can be seen. Therefore, after the electronic equipment acquires the visibility set of the user, the visibility set is returned to the terminal equipment, and after the terminal receives the visibility set, other user information viewable by the user is displayed to the user.
According to the processing method for the address book visibility, the visibility set is returned to the terminal equipment, so that a user can see which users can see and which attribute information can be checked, and the practicability and user experience are improved.
Fig. 11a is a flowchart of an embodiment eight of a processing method for address book visibility, where, as shown in fig. 11a, when a user wants to query information of some other user, an information query request further includes an identifier of the other user, and after an electronic device obtains a visibility set of the user, the processing method for address book visibility further includes the following steps:
s1101: and acquiring target information corresponding to the identification of the other users from the visibility set according to the identification of the other users.
S1102: and returning the target information to the terminal equipment.
In the above step, after the electronic device obtains the visibility set of the user, according to the main visibility set of the user and the identification of other users, it is determined whether the other users are in the main visibility set of the user, if the other users are not in the main visibility set of the user, an invisible prompt message is returned to the terminal device to prompt the user that the other users are invisible. If the other user is in the main body visibility set of the user, according to each attribute in the attribute visibility set, inquiring attribute information of the attribute corresponding to the other user, wherein the attribute information of the other user corresponding to each attribute in the attribute visibility set forms target information corresponding to the identifier of the other user, and then the target information is returned to the terminal equipment, so that the user can check the attribute information of the other user through the terminal equipment.
Fig. 11B is a schematic diagram of an interface for querying user information provided in an embodiment of the present application, where user a wants to query that user a can not see information of user B, and after user a and user B can be input, click a query button to obtain a query result that user a cannot see user B.
It should be noted that, fig. 11b is a schematic diagram of an interface for querying user information provided in the embodiment of the present application, and the embodiment of the present application does not limit the interface, and may be set according to practical situations.
According to the processing method for the address book visibility, whether other users are in the main body visibility set or not is judged, and the attribute information of the other users can be acquired only when the other users are in the main body visibility set, so that the safety of the address book is effectively improved.
The following are examples of the apparatus of the present application that may be used to perform the method embodiments of the present application. For details not disclosed in the embodiments of the apparatus of the present application, please refer to the embodiments of the method of the present application.
FIG. 12 is a schematic diagram of an embodiment of a processing apparatus for address book visibility according to the present application; as shown in fig. 12, the apparatus 120 includes:
A receiving module 121, configured to receive an information query request sent by a terminal device of a user, where the information query request includes an identifier of the user;
The processing module 122 is configured to obtain, from a database, a permission rule corresponding to at least one set to which the user belongs according to the identifier of the user, where the permission rule includes all permissions set in a visible manner and/or permissions set in an invisible manner;
The processing module 122 is further configured to determine at least one whitelist set visible to the user and at least one blacklist set invisible to the user according to the permission rule, where each set to which the user belongs corresponds to one blacklist set and one whitelist set;
The processing module 122 is further configured to calculate, according to the priority of the permission rule corresponding to each type set in the at least one set, the at least one blacklist set, and the at least one whitelist set, a visibility set corresponding to the user, where the visibility set includes all visible subject information and/or attribute information of the user;
and a sending module 123, configured to return, to the terminal device, the information queried by the user according to the visibility set.
Further, the processing module 122 is specifically configured to:
Acquiring at least one set to which the user belongs according to the identification of the user, wherein the type of the at least one set comprises at least one type of an organization set, a role set, a label set and other sets;
For each set to which the user belongs, inquiring and acquiring a main rule and an attribute rule corresponding to the set from rules stored in the database in advance;
The authority rule corresponding to each set to which the user belongs comprises a main rule and an attribute rule corresponding to the set, and the main rule comprises: the rights of the users of the set are visible and/or invisible to the users of the set, the rights of the users of other sets are visible and/or invisible to the users of the set, and the rights of the users of the set are visible and/or invisible to the other users; the attribute rules include rights for visible and/or invisible attributes of users of the collection.
Further, the processing module 122 is specifically further configured to:
Generating a white list set visible to the user and a black list set invisible to the user corresponding to the set according to the authority rule corresponding to the set aiming at each set to which the user belongs; the white list set corresponding to each set comprises a main white list set and an attribute white list set, and the black list set corresponding to each set comprises a main black list set and an attribute black list set.
Further, the processing module 122 is specifically further configured to:
Respectively acquiring a blacklist set and a whitelist set corresponding to each type of set aiming at each type of set in the at least one set, wherein the blacklist set corresponding to each type of set comprises a main blacklist set and an attribute blacklist set of the type set, and the whitelist set corresponding to each type of set comprises a main whitelist set and a main whitelist set of the type set;
And according to the priority of the authority rule corresponding to each type set, sequentially carrying out logic calculation on the white list set and the black list set corresponding to each priority set according to the sequence from the lowest priority to the highest priority, so as to obtain a visibility set corresponding to the user, wherein the visibility set comprises a main visibility set and an attribute visibility set.
Further, the processing module 122 is specifically further configured to:
for each set in the organization set in the at least one set, traversing downwards the main body white list set of the node where the user is located and the main body white list set of the child node under the node where the user is located in the organization architecture where the user is located firstly, traversing the main body white list set of the parent node of the upper level of the node where the user is located and the main body white list sets of other nodes under the parent node of the upper level of the node, iterating upwards step by step in the mode of the step until reaching the root node of the organization architecture, and obtaining the main body white list set corresponding to each set of the organization set type;
Traversing the main blacklist set of the node where the user is located and the main blacklist set of the child node under the node where the user is located downwards, traversing the main blacklist set of the parent node at the upper level of the node where the user is located and the main blacklist sets of other nodes under the parent node at the upper level, iterating upwards step by step in the mode of the step until reaching the root node of the organization structure, and obtaining the main blacklist set corresponding to each set of the organization set type;
Obtaining a main body white list set corresponding to the set of the organization set type by taking a union set of all main body white list sets corresponding to the set of the organization set type;
Obtaining a main blacklist set corresponding to the set of the organization type by taking a union set of all main blacklist sets corresponding to the set of the organization type;
obtaining a union set of all attribute blacklist sets corresponding to the set of the organization set type to obtain an attribute blacklist set corresponding to the set of the organization set type;
Obtaining a union set of all attribute white list sets corresponding to the set of the organization type to obtain an attribute white list set of the organization type;
The organization architecture is a tree structure formed by multiple levels of architectures, the root node is the uppermost organization where the user is located, and each level of nodes from the root node to the bottom represents the subordinate organization of the upper level.
Further, the processing module 122 is specifically further configured to:
Aiming at any type of set in the character set, the label set and the other sets in the at least one set, taking the union set of all blacklist sets corresponding to the type of set to obtain the blacklist set corresponding to the type of set;
and taking the union set of all the white list sets corresponding to the type set to obtain the white list set of the type set.
Further, the receiving module 121 is further configured to obtain at least one access right rule configured by a management user for the user through other terminal devices; the access permission rules comprise permission rules configured for at least one set to which the user belongs in a visible mode or an invisible mode;
Further, the processing module 122 is specifically further configured to store the access right rule in a database.
Further, the receiving module 121 is further configured to obtain, through the set message middleware, an access permission rule configured by the at least one management user for the user through the other terminal device.
Further, the access right rule includes at least one of the following right rules:
organizing authority rules corresponding to the collection;
Authority rules corresponding to the role sets;
the authority rule corresponding to the label set;
and the right rules corresponding to other sets.
Further, the sending module 123 is further configured to return the visibility set to the terminal device.
Further, when the information query request further includes an identifier of another user, the processing module 122 is further configured to obtain, according to the identifier of the other user, target information corresponding to the identifier of the other user from the visibility set;
Further, the sending module 123 is further configured to return the target information to the terminal device.
The processing device for address book visibility provided in this embodiment is configured to execute the technical scheme in any one of the foregoing method embodiments, and its implementation principle and technical effect are similar, and are not described herein again.
Fig. 13 is a schematic structural diagram of an electronic device according to the present application. As shown in fig. 13, the electronic device 130 includes:
a processor 131, a memory 132, and a communication interface 133;
the memory 132 is used for storing executable instructions of the processor 131;
wherein the processor 131 is configured to perform the technical solutions of any of the method embodiments described above via execution of the executable instructions.
Alternatively, the memory 132 may be separate or integrated with the processor 131.
Optionally, when the memory 132 is a device separate from the processor 131, the electronic device 130 may further include:
and a bus for connecting the devices.
The electronic device is configured to execute the technical scheme in any of the foregoing method embodiments, and its implementation principle and technical effects are similar, and are not described herein again.
The embodiment of the application also provides a readable storage medium, on which a computer program is stored, which when being executed by a processor, implements the technical solution provided by any of the foregoing method embodiments.
The embodiment of the application also provides a computer program product, which comprises a computer program, wherein the computer program is used for realizing the technical scheme provided by any one of the method embodiments when being executed by a processor.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the method embodiments described above may be performed by hardware associated with program instructions. The foregoing program may be stored in a computer readable storage medium. The program, when executed, performs steps including the method embodiments described above; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features can be replaced equivalently; such modifications and substitutions do not depart from the spirit of the application.

Claims (14)

1. The processing method for the visibility of the address book is characterized by comprising the following steps:
receiving an information inquiry request sent by terminal equipment of a user, wherein the information inquiry request comprises an identifier of the user;
acquiring authority rules corresponding to at least one set to which the user belongs from a database according to the identification of the user, wherein the authority rules comprise all authorities set in a visible mode and/or authorities set in an invisible mode;
Determining at least one visible white list set and at least one invisible black list set of the user according to the authority rule, wherein each set to which the user belongs corresponds to one black list set and one white list set;
According to the priority of the authority rule corresponding to each type set in the at least one set, the at least one blacklist set and the at least one whitelist set, a visibility set corresponding to the user is calculated, wherein the visibility set comprises all visible subject information and/or attribute information of the user, and all visible subject information of the user comprises other users visible to the user;
and returning the information queried by the user to the terminal equipment according to the visibility set.
2. The method according to claim 1, wherein the obtaining, from a database, the permission rule corresponding to the at least one set to which the user belongs according to the identification of the user includes:
Acquiring at least one set to which the user belongs according to the identification of the user, wherein the type of the at least one set comprises at least one type of an organization set, a role set, a label set and other sets;
For each set to which the user belongs, inquiring and acquiring a main rule and an attribute rule corresponding to the set from rules stored in the database in advance;
The authority rule corresponding to each set to which the user belongs comprises a main rule and an attribute rule corresponding to the set, and the main rule comprises: the rights of the users of the set are visible and/or invisible to the users of the set, the rights of the users of other sets are visible and/or invisible to the users of the set, and the rights of the users of the set are visible and/or invisible to the other users; the attribute rules include rights for visible and/or invisible attributes of users of the collection.
3. The method of claim 2, wherein said determining at least one set of whitelists and at least one set of blacklists that are not visible to the user according to the entitlement rules comprises:
Generating a white list set visible to the user and a black list set invisible to the user corresponding to the set according to the authority rule corresponding to the set aiming at each set to which the user belongs; the white list set corresponding to each set comprises a main white list set and an attribute white list set, and the black list set corresponding to each set comprises a main black list set and an attribute black list set.
4. The method of claim 3, wherein the calculating the set of visibility corresponding to the user according to the priority of the permission rule corresponding to each type set in the at least one set, the at least one blacklist set, and the at least one whitelist set comprises:
Respectively acquiring a blacklist set and a whitelist set corresponding to each type of set aiming at each type of set in the at least one set, wherein the blacklist set corresponding to each type of set comprises a main blacklist set and an attribute blacklist set of the type set, and the whitelist set corresponding to each type of set comprises a main whitelist set and a main whitelist set of the type set;
And according to the priority of the authority rule corresponding to each type set, sequentially carrying out logic calculation on the white list set and the black list set corresponding to each priority set according to the sequence from the lowest priority to the highest priority, so as to obtain a visibility set corresponding to the user, wherein the visibility set comprises a main visibility set and an attribute visibility set.
5. The method of claim 4, wherein the separately obtaining, for each of the at least one set of types, a blacklist set and a whitelist set corresponding to each set of types, comprises:
For each set in the organization set in the at least one set, traversing downwards the main body white list set of the node where the user is located and the main body white list set of the child node under the node where the user is located in the organization architecture where the user is located firstly, traversing the main body white list set of the parent node of the upper level of the node where the user is located and the main body white list sets of other nodes under the parent node of the upper level of the node, iterating upwards step by step in the mode of the step until reaching the root node of the organization architecture, and obtaining the main body white list set corresponding to each set of the organization set type;
Traversing the main blacklist set of the node where the user is located and the main blacklist set of the child node under the node where the user is located downwards, traversing the main blacklist set of the parent node at the upper level of the node where the user is located and the main blacklist sets of other nodes under the parent node at the upper level, iterating upwards step by step in the mode of the step until reaching the root node of the organization structure, and obtaining the main blacklist set corresponding to each set of the organization set type;
Obtaining a main body white list set corresponding to the set of the organization set type by taking a union set from all main body white list sets corresponding to the set of the organization set type;
Obtaining a main blacklist set corresponding to the set of the organization type by taking a union set of all main blacklist sets corresponding to the set of the organization type;
obtaining a union set of all attribute blacklist sets corresponding to the set of the organization set type to obtain an attribute blacklist set corresponding to the set of the organization set type;
Obtaining a union set of all attribute white list sets corresponding to the set of the organization type to obtain an attribute white list set of the organization type;
The organization architecture is a tree structure formed by multiple levels of architectures, the root node is the uppermost organization where the user is located, and each level of nodes from the root node to the bottom represents the subordinate organization of the upper level.
6. The method of claim 4, wherein the separately obtaining, for each of the at least one set of types, a blacklist set and a whitelist set corresponding to each set of types, comprises:
Aiming at any type of set in the character set, the label set and the other sets in the at least one set, taking the union set of all blacklist sets corresponding to the type of set to obtain the blacklist set corresponding to the type of set;
and taking the union set of all the white list sets corresponding to the type set to obtain the white list set of the type set.
7. The method according to any one of claims 1 to 6, wherein before receiving the information query request sent by the terminal device of the user, the method further comprises:
Acquiring access right rules configured by at least one management user for the user through other terminal equipment; the access permission rules comprise permission rules configured for at least one set to which the user belongs in a visible mode or an invisible mode;
And storing the access right rule into a database.
8. The method according to claim 7, wherein said obtaining at least one access right rule configured by a management user to said user through other terminal devices comprises:
and acquiring at least one access authority rule configured by the management user to the user through the other terminal equipment through the set message middleware.
9. The method of claim 7, wherein the access rights rules comprise at least one of the following rights rules:
organizing authority rules corresponding to the collection;
Authority rules corresponding to the role sets;
the authority rule corresponding to the label set;
and the right rules corresponding to other sets.
10. The method according to any one of claims 1 to 6, wherein the returning the information queried by the user to the terminal device according to the visibility set comprises:
and returning the visibility set to the terminal equipment.
11. The method according to any one of claims 1 to 6, wherein the information inquiry request further comprises an identification of other users;
Correspondingly, the step of returning the information queried by the user to the terminal equipment according to the visibility set comprises the following steps:
Acquiring target information corresponding to the identification of the other users from the visibility set according to the identification of the other users;
and returning the target information to the terminal equipment.
12. A processing apparatus for address book visibility, comprising:
The receiving module is used for receiving an information inquiry request sent by terminal equipment of a user, wherein the information inquiry request comprises an identifier of the user;
the processing module is used for acquiring authority rules corresponding to at least one set to which the user belongs from a database according to the identification of the user, wherein the authority rules comprise all authorities set in a visible mode and/or authorities set in an invisible mode;
The processing module is further configured to determine at least one visible whitelist set and at least one invisible blacklist set of the user according to the permission rule, where each set to which the user belongs corresponds to one blacklist set and one whitelist set;
The processing module is further configured to calculate, according to the priority of the authority rule corresponding to each type set in the at least one set, the at least one blacklist set, and the at least one whitelist set, a visibility set corresponding to the user, where the visibility set includes all visible subject information and/or attribute information of the user, and all visible subject information of the user includes other users visible to the user;
And the sending module is used for returning the information queried by the user to the terminal equipment according to the visibility set.
13. An electronic device, comprising:
A processor, a memory, a communication interface;
The memory is used for storing executable instructions of the processor;
Wherein the processor is configured to perform the method of address book visibility processing of any one of claims 1 to 11 via execution of the executable instructions.
14. A readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the method of processing address book visibility of any one of claims 1 to 11.
CN202210760062.7A 2022-06-30 2022-06-30 Address book visibility processing method, device, equipment and medium Active CN115174186B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210760062.7A CN115174186B (en) 2022-06-30 2022-06-30 Address book visibility processing method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210760062.7A CN115174186B (en) 2022-06-30 2022-06-30 Address book visibility processing method, device, equipment and medium

Publications (2)

Publication Number Publication Date
CN115174186A CN115174186A (en) 2022-10-11
CN115174186B true CN115174186B (en) 2024-05-17

Family

ID=83489652

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210760062.7A Active CN115174186B (en) 2022-06-30 2022-06-30 Address book visibility processing method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN115174186B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104333553A (en) * 2014-11-11 2015-02-04 安徽四创电子股份有限公司 Mass data authority control strategy based on combination of blacklist and whitelist
CN106022101A (en) * 2016-05-17 2016-10-12 广东欧珀移动通信有限公司 Application management method and terminal
CN106657557A (en) * 2015-10-30 2017-05-10 北京搜狗科技发展有限公司 Information control method and electronic equipment
CN109194711A (en) * 2018-07-27 2019-01-11 腾讯科技(深圳)有限公司 A kind of synchronous method of organizational structure, client, server-side and medium
CN109862025A (en) * 2019-02-28 2019-06-07 北京安护环宇科技有限公司 Access control method, apparatus and system based on black and white lists
CN111695092A (en) * 2020-05-29 2020-09-22 腾讯科技(深圳)有限公司 Authority management method, device, electronic equipment and medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200285761A1 (en) * 2019-03-07 2020-09-10 Lookout, Inc. Security policy manager to configure permissions on computing devices

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104333553A (en) * 2014-11-11 2015-02-04 安徽四创电子股份有限公司 Mass data authority control strategy based on combination of blacklist and whitelist
CN106657557A (en) * 2015-10-30 2017-05-10 北京搜狗科技发展有限公司 Information control method and electronic equipment
CN106022101A (en) * 2016-05-17 2016-10-12 广东欧珀移动通信有限公司 Application management method and terminal
CN109194711A (en) * 2018-07-27 2019-01-11 腾讯科技(深圳)有限公司 A kind of synchronous method of organizational structure, client, server-side and medium
CN109862025A (en) * 2019-02-28 2019-06-07 北京安护环宇科技有限公司 Access control method, apparatus and system based on black and white lists
CN111695092A (en) * 2020-05-29 2020-09-22 腾讯科技(深圳)有限公司 Authority management method, device, electronic equipment and medium

Also Published As

Publication number Publication date
CN115174186A (en) 2022-10-11

Similar Documents

Publication Publication Date Title
Davies et al. Beyond prototypes: Challenges in deploying ubiquitous systems
Wicker The loss of location privacy in the cellular age
CN102067555B (en) Improved biometric authentication and identification
EP2604048B1 (en) Method and apparatus for secure shared personal map layer
US9020983B2 (en) Address list system and method of implementing an address list
US20120320815A1 (en) Entity Identification Based on Proximity to Access Points
CN103858379A (en) Authenticating device users
CN111400504A (en) Method and device for identifying enterprise key people
CN104091228A (en) Systems for resource management, resource registering, resource inquiry and resource semantic corpus management of internet of things
CN101916270A (en) Design and implementation of travel navigation and rescue system server
CN101796502A (en) Method and electronic device for managing applications
CN106682146B (en) Method and system for retrieving scenic spot evaluation according to keywords
CN115174186B (en) Address book visibility processing method, device, equipment and medium
CN116860707B (en) Material genetic engineering big data safe sharing method and system based on block chain
CN111324799B (en) Search request processing method and device
Ceruti Data management challenges and development for military information systems
US8984007B2 (en) Method and apparatus using a hierachical searching scheme among virtual private communities
US11004021B2 (en) Trusted collaborative communications between organizations
CN114064843B (en) Method, device and equipment for querying interplanetary line position nodes in RDF data
CN108319659A (en) A kind of social discovery method based on encrypted image fast search
CN106294641A (en) A kind of orientation lookup method getting in touch with object
Degbelo et al. Open geodata reuse: towards natural language interfaces to web APIs
KR20140073073A (en) Method and system for phone number inquiry
CN109600450A (en) A kind of lost objects method for retrieving and system based on Internet of Things
Pils et al. Federation and sharing in the context marketplace

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant